Fastlane builds failing in CI

Question

Fastlane builds failing in CI

steinbro opened this issue a year ago · comments

Daniel W. Steinbrook commented a year ago

See e.g. https://github.com/soundscape-community/soundscape/actions/runs/5945776471/job/16125363745

@Oliver2213 was this working before, or are there still missing pieces that need to be filled in?

Daniel W. Steinbrook · Answer 1 · Sun Oct 29 2023 07:25:39 GMT+0800 (China Standard Time)

@2kai2kai2 Is this something that's easily fixable?

2kai2kai2 · Answer 2 · Wed Nov 01 2023 04:09:48 GMT+0800 (China Standard Time)

Not sure. I have a few ideas as to what it might be:

Pods compatibility issues
Signing issues
Something with localization

Can we run the workflow again on the most recent version to see if it was the first one? (and has potentially been resolved by the removal of cocoapods?)

Daniel W. Steinbrook · Answer 3 · Wed Nov 01 2023 09:02:45 GMT+0800 (China Standard Time)

Good call -- the app does report building successfully now, but it fails at the upload stage since we're still using @Oliver2213's credentials: https://github.com/soundscape-community/soundscape/actions/runs/6714118429/job/18246849543

Will need to update the email here, and a runner environment variable somewhere: https://github.com/soundscape-community/soundscape/blob/main/apps/ios/fastlane/Appfile#L2

Daniel W. Steinbrook · Answer 4 · Thu Nov 09 2023 08:54:28 GMT+0800 (China Standard Time)

Some guides suggests best practice is to use an App Store Connect API key, rather than a username/password, to authenticate Fastlane in a CI build. The Apple docs indicate that only an account admin can generate the key, and although it can have limited privileges, it can't be limited to a single app. Because we're currently using an Apple Developer account for a broader organization, this limitation might be prohibitive. I'd still like to have this process not tied to anyone's individual account. Maybe we should make an Apple ID out of the shared community.soundscape@gmail.com email address and use that to publish builds?

RDMurray · Answer 5 · Thu Nov 09 2023 19:32:09 GMT+0800 (China Standard Time)

I looked through the Fastlane docs and came to the same conclusion. They recommend a dedicated apple id with the app manager role (needed by the fastlane match command), and an API key for uploading builds from Github actions.

There might be some hacky way to get round it with xcode automatic signing, but two factor authentication makes it difficult.

Perhaps the best we can do just now is to modify the Fastlane configuration to use Xcode automatic signing to ease the process of releasing testflight builds by developers, even though it wouldn't work in Github actions.

RDMurray · Answer 6 · Thu Nov 09 2023 19:36:31 GMT+0800 (China Standard Time)

To clarify the above, Xcode automatic signing is the only way to upload builds for Testflight or the Appstore without the app manager role, and Xcode automatic signing requires Xcode to be signed into an Apple Id, which it isn't when running on Github Actions.